How to Use PowerShell to Disable Manual Federation Between Okta and Microsoft Office 365
Apr 29, 2026
Single Sign-On
Okta Integration Network
Office 365
Okta Classic Engine
Okta Identity Engine
Overview
This article describes how to use PowerShell to disable the Microsoft Office 365 manual federation.
Applies To
- Microsoft Office 365
- Federation (WS-FED)
- PowerShel
- Okta Classic Engine
- Okta Identity Engine (OIE)
Solution
If Microsoft Office 365 is federated with Okta via PowerShell, it can only be de-federated using Microsoft's PowerShell Module as detailed below:
- Connect to the Office 365 instance via PowerShell.
- Further, there are two methods:
-
- Microsoft Online (MSOnline) method:
-
-
- Once connected, run the following PowerShell cmdlet to change Federation Authentication from Federated to Managed:
Set-MsolDomainAuthentication -DomainName <theO365Domain.com> -Authentication managed
- Once connected, run the following PowerShell cmdlet to change Federation Authentication from Federated to Managed:
-
-
-
- To check Federation status, run this cmdlet:
Get-MsolDomainFederationSettings -DomainName <theO365Domain.com>
- To check Federation status, run this cmdlet:
-
-
- Microsoft Graph (MgGraph) method:
-
-
- To connect and remove the federation, run the following PowerShell cmdlet:
Connect-MgGraph -Scopes Directory.AccessAsUser.All Remove-MgDomainFederationConfiguration -DomainId <DomainName> -InternalDomainFederationId (Get-MgDomainFederationConfiguration -DomainId <DomainName> | Select -Property Id).id
- To connect and remove the federation, run the following PowerShell cmdlet:
-
NOTE: Replace <DomainName> with the desired federated domain name (for example,
acme.com).
NOTE: Please test any PowerShell scripts extensively before running them in a production environment.
